
The full agenda for Pre-Conference Tutorials is below. For information on any other track, please click the links below.
Track 1: ISS for Telecom Operator Lawful Interception
Track 2: ISS for Criminal Investigation
Track 3: ISS for Data Retention and Regulatory Compliance
Track 4: DPI for Lawful Interception and Cyber Security
Track 5: Semantic Technology for Intelligence Gathering and Analysis
Track 6: OSINT, Metadata and Visual Analytics for Intelligence Gathering
Track 7: LEA and Intelligence Analyst Training and Product Demonstration
Pre-Conference Tutorials (11 October 2011)
Tuesday, October 11, 2011
Online Social Media and Internet Investigations (Six One Hour Sessions)
Presented By
Charles Cohen, Cohen Training and Consulting, LLC
Charles Cohen also holds the position of Commander, Special Investigations and Criminal Intelligence, Indiana State Police, USA
8:30-9:30: Session 1 of 6
What Investigators & Analysts Need to Know about Online Social Media.
This session is for criminal investigators and intelligence analysts who need to understand the impact of online social networking on how criminals communicate, train, interact with victims, and facilitate their criminality.
9:45-10:45: Session 2 of 6
OSINT and Criminal Investigations
Now that the Internet is dominated by Online Social Media, OSINT is a critical component of criminal investigations. This session will demonstrate, through case studies, how OSINT can and should be integrated into traditional criminal investigations.
11:00-12:00: Session 3 of 6
Successful Use of Online Social Media in Criminal Investigations
This session is for investigators who need to understand social network communities along with the tools, tricks, and techniques to prevent, track, and solve crimes.
1:00-2:00: Session 4 of 6
Counterintelligence & Liabilities Involving Online Social Media
Current and future undercover officers must now face a world in which facial recognition and Internet caching make it possible to locate an online image posted years or decades before. Online social media and online social networking investigations pose risks for undercover officers. This session presents guidelines for dealing with these risks.
2:15-3:15: Session 5 of 6
What Investigators Need to Know about Hiding on the Internet
Criminal investigators and analysts need to understand how people conceal their identity on the Internet. Technology may be neutral, but the ability to hide one's identity and location on the Internet can be both a challenge and an opportunity. The various methods of hiding one's identity and location while engaged in activities on the Internet provide an opportunity for investigators to engage in covert online research, while also providing a means for criminals to engage in surreptitious communication in furtherance of nefarious activities. As technologies such as digital device fingerprinting emerge as ways to attribute identity, this becomes a topic with which every investigator and analyst must become familiar.
3:30-4:30: Session 6 of 6
Cyberspace Money Laundering: Tools, Tricks & Techniques
Today, every investigator and analyst must at least understand the basics of Internet online monetary transactions in order to be effective. This session addresses everything from eCash to online virtual stored value cards and from virtual currencies to mobile payment systems. The Internet is a panacea for the active or aspiring entrepreneurial criminal.
Understanding Telecommunications Technologies and ISS for LEA Investigators and Intelligence Analysts (Three One Hour Sessions)
Presented By: Dr. Jerry Lucas, President, TeleStrategies
8:30-9:30
Understanding Wireline Telecom Infrastructure, Interception and Related ISS Products
What LEAs need to know about the public switched telecommunications networks: circuit switching, fiber optics, SS7, SDH, DSL, billing systems and call detail records, standards overview for lawful intercept, basic LI elements (access, delivery and collection function), call information and call content data collection, SS7 probes and relevant telecom network elements. Circuit Switching vs. VoIP, SIP, SoftSwitches, Gateways, VoIP over Broadband, DSLAMs and PSTN Interconnection.
9:45-10:45
Understanding Mobile Wireless Infrastructure, Interception and Related ISS Products
Infrastructure basics (GSM, GPRS, EDGE, UMTS, HSPA and LTE), Wi-Fi, WiMax and Femtocells, How a cellular call is processed, back office infrastructure, HLR, VLR, Backhaul and PSTN interconnection, data services, SMS, MMS, EM, data services, fixed mobile convergence and IMS. The basics of mobile wireless technologies, A-GPS, AOA, TDOA, U-TDOA, WLS and location accuracy. Transforming cell records and location data into actionable intelligence, Smart Phone intercept and wireless provider business model, Apple iPhone, Google Android and LTE Challenges.
11:00-12:00
Understanding the Internet, Interception and Related ISS Products
What Investigators Have To Know about IP call Identifying Information, Radius, DHCP, DNS, etc. and Tracking an Internet Address to a Source, Investigations Involving E-Mail, Websites, Skype, Instant Messaging, Chat Rooms and Message Boards, IMS, P2P Networks and Deep Packet Inspection. Also covered: what can be done to address Internet intercept by deploying ISS infrastructure, what can’t be done without new legislation, and the future challenges law enforcement and the intelligence community face.
1:00-4:30
Basics of Internet Intercept for Law Enforcement and Intelligence Analysts (Three One Hour Sessions)
Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies
1:00-2:00
Understanding Web 2.0, IM, P2P and Social Networking Messaging (Facebook, Twitter, etc.)
Learn about advanced IP applications, including: social networking communications models, Web 2.0 apps, computing models and intercept options.
2:15-3:15
Understanding TCP/IP for Packet Traffic Analysis
Learn the fundamentals of IP networks, including: key equipment components, network access types, service provider infrastructure, IP protocol basics, TCP protocols and applications.
3:30-4:30
Understanding DPI for LEAs, Intelligence Analysts and Telecom Operators
Learn packet intercept by example, including: intercept options, probe types, packet capture, packet analysis and application protocol decoding.
1:00-4:30
Visual Analytics For Detecting Criminal Patterns (Three One Hour Sessions)
This presentation addresses the use of various visualization and representation techniques for understanding a variety of domains ranging from financial crimes and money laundering to narcotics-trafficking and counter-terrorism. Much of the content presented is based on Mr. Westphal’s recent book, “Data Mining for Intelligence, Fraud & Criminal Detection: Advanced Analytics & Information Sharing Technologies” (CRC Press, December 2008).
Chris Westphal, CEO, Visual Analytics
1:00-2:00
Overview of Analytical Process Using Visualization
2:15-3:15
Data Quality and Integration Approaches Pros/Cons
3:30-4:30
Real World Patterns (e.g. Money Laundering, Fraud, Crime)
8:30-4:30
Implementation of a Tactical Communications Analytical Unit in Your Agency (Six One Hour Sessions)
Robert Lottero, President, NTI Law Enforcement Services
A detailed review of the equipment, hardware, software, analytical/reporting techniques, and concepts necessary to put into operation an analytical unit that can exploit communications records (Landline, cell, VoIP, Satphone, Prepaid calling cards, and emails) in support of criminal and national security investigations.
Function of a Tactical Communications Analysis Unit (TCAU)
Acquire real time and historical communications records and perform appropriate analyses to determine relationships, hierarchy, and organizational structure of co-conspirators and identify individual involvement in criminal and/or terrorist activities. Integrate the results of communications analysis with other intelligence information (activities, financial transaction, surveillance, etc.) collected during the investigative process to generate tactical leads that support the ongoing investigative process.
8:30-9:30
Acquisition of communications records: What to get (real time & historical). How much to get. Validating and understanding records received.
9:45-10:45
Preparing and formatting communications records for computer analysis.
Hardware and software to pre-process raw communications records for electronic storage.
11:00-12:00
Understanding basic and advanced analytical concepts.
Enhancing the results of basic contact communications analysis (frequency, common call, etc.). Advanced communications temporal analytical theory.
1:00-2:00
Understanding the functionality you’ll need in database & analytical software. Functionality needed to support your operation. Database storage to properly hold communications and related records. Selecting advanced analytical software to perform contact and temporal direct and implied analysis of those records.
2:00-3:00
Presentation of findings – Interpreting the results of computerized analysis of communications records and generating tactical leads. A new approach to writing and presenting analytical reports.
15:30-16:30
Building the TCAU – Staffing: choosing the right people and training. Working with vendors. Putting analytical workflow and operational procedures in place.
8:30-4:30
Cell Phone Intelligence Training (Seven 50 Minute Sessions)
Presented By Breck McDaniel, President, Geocell, LLC. Breck also holds the position of Sergeant, Houston Police Department.
This one day training course will be a thorough introduction to the investigative options that are available to government officials when it comes to cellular telephones. The presentation will cover what data is available, what "communications intelligence" is, why to use the data, where the data is held, and how the data is commonly used by law enforcement. The presentation will detail the available categories of information, including what is forensically available, what is historically available from companies, and the surveillance options that exist. Coverage will also include important legal considerations, analysis of the data including geographic capabilities, and tricks and challenges. The presentation will end with important courtroom presentation considerations regarding this valuable data.
8:30-9:30
Introduction; Course Goals and Outline
What is communications data and communications intelligence?; why use the data?; where is the data held?; how do we use the data?; start thinking proactively; assess the needs to access communications data in your cases and balance against other responsibilities; and, why we can't keep ignoring this extremely valuable data!
9:45-10:45
How can you use the data in your cases?
Including activation and subscriber information, payment information, communications ("call") detail records (CDRs) (with, and without, geographic data), stored communications such as the content of text messages, voicemails, and emails, and, surveillance options: traps and traces/pen registers (CALEA deliveries), geolocations, cell phone locations, "target developments", communications intercepts ("wiretaps"), and, the prepaid cell phone myth, including what are Mobile Virtual Network Operators (MVNOs)?
11:00-12:00
Legal Block:
Manual searches (physical forensics); what legal situations and what legal demands get you what?; what legal demands can you use: physical device consent, physical device search warrants, consent for records, subpoenas, court orders, and search warrants for the carriers?; what about accessing stored electronic communications?; "emergency requests", preservation requests; legal demand templates; "boilerplate"; typically two legal burdens (legal threshold); "stepping-stone approach".
1:00-2:00
Introduction to Physical Forensics Considerations Regarding:
Cell Phones, Computers, and Digital Devices, including evidence collection considerations (especially for first responders), fast versus thorough forensic approaches; and, what data is available forensically?
2:15-3:15
Introduction to Law Enforcement Surveillance Capabilities Regarding:
Cell phones, Landlines, and the Internet, including, traps and traces/pen registers [Communications Assistance for Law Enforcement Act (CALEA) deliveries], geolocations, field cell phone locations, "target developments", and communications intercepts ("wiretaps"); and, capabilities that are required to conduct real-time surveillances, including legal issues, hardware and software, financial issues, manpower, data connections, etc.
3:30-4:30
Introduction to Courtroom Presentations of Cell Phone Data; Where is Electronic Communications Data Use by Law Enforcement Headed?
Future challenges and future benefits; where can you get more information and training?; suggestions about developing your own resources and important resource considerations for management, including financial, manpower, hardware, software, key legal concerns, and lobbying your own agency for support; legislative considerations; course evaluations; certificates; and, closing.
8:30-4:30
WIRETAPPING understanding the basics (Six One Hour Sessions)
James Deater, President, T3TECHSYSTEMS. James Deater also holds the position of Sergeant, Maryland State Police.
This one day course will be an introduction and overview of wiretap investigations. Wiretap-Title III investigations are a highly advanced investigative technique/tool used by law enforcement and intelligence agencies throughout the United States and abroad. This extremely valuable tool is often not used due to misconceptions and lack of understanding. This one-day course will demonstrate the basics for law enforcement/intelligence agencies to overcome the fears of conducting a wiretap investigation and show how beneficial this tool can be. The class will include current intercept technologies and brief demonstration, the pre-wiretap investigation needed to obtain an interception order, the actual wiretap investigation during the wire, and how to properly manage and run the wiretap room.
8:30-9:30
Wiretap Technologies
What interception systems are available to government agencies and their benefits. A brief demonstration will be given of the Sytech ADACS4 interception system to give students a real-life glimpse of an operational system.
9:45-10:45
Pre-Wire Tap Investigation
This block of instruction will explain to the student the necessary requirements that are needed prior to authoring the wiretap. Items such as PEN registers, surveillance, exhaustion and de-confliction will be addressed. The Affidavit, Application for Exparte, Exparte Order (long and short) and minimization will also be explained. Students will be provided with examples on CD.
11:00-12:00
Detailed Explanation of PEN Analysis
Needed for wiretaps and how to do a PEN analysis without expensive software programs.
1:00-2:00
Case Management, Notifications, 10 Day report, FBI-LEO Virtual Command Center VCC
How to integrate the VCC into your wire investigation.
2:15-3:15
The Actual Wiretap Investigation
Once you are "online", what to expect, how to manage the information flow, how to "tickle" the wire, how to properly conduct "wall-off" operations and manage the flow of information.
3:30-4:30
Key Consideration for Setup and Layout of a Wire Room (temporary or permanent)
Class is open only to law enforcement, intelligence analysts and government support personnel. Due to the sensitive and confidential nature of the information presented, ID may be checked prior to classroom access.
8:30-10:45
Introduction to Physical Recovery for Digital Forensic and Intelligence Labs
Alvaro Alexander Soto, Director of Digital Forensics & Security Laboratory, Asoto Technology Group
11:00-12:00
Advanced Digital Forensic Process and tools for Law Enforcement and Intelligence Analysts
Alvaro Alexander Soto, Director of Digital Forensics & Security Laboratory, Asoto Technology Group
1:00-2:00
The Basics of Weaponized Information
Stephen Arnold, Managing Partner, ArnoldIT.com
Intelligence professionals have had a number of methods for injecting information into the media. These include social media, private newsfeeds, and the use of coordinated messages by contractors or other individuals. This session examines two case examples of using weaponized information to position an entity in public Web search results, within real time information streams, and in "conversations" in social media services. The upside, downside, and broad methodology of injection are reviewed in this one hour session. The formal remarks will be followed by a question and answer session.
2:15-3:15
Cell Phone Calls and Cell Tower Records for Investigators
Call Detail Records are the non-voice records generated by the use of a mobile phone. These records contain a wealth of potential evidence for analysts who know how to read and analyze them. In our session, we’ll introduce attendees to CDRs, giving them practical skills they can use while working with these records.
Brent Bailey, Cellular Data Resources
3:30-4:30
Cloud Lawful Interception and Data Retention
As cloud virtualization services and facilities scale rapidly worldwide, new sets of capabilities and needs are envisioned. Included in this ensemble are not only LI and data retention for cloud services and facilities, but also LI and data retention as diverse new cloud services. The designations LIaaS (LI as a Service) and RDaaS (Retained Data as a Service) encompass such implementations. The global law enforcement community and industry are working together on two new related work items dealing with these subjects in the ETSI TC LI standards body. Implementations are beginning to appear as offerings. This presentation provides an overview of the work and the related ISS industry opportunities.
Tony Rutkowski, VP, Yaana Technology